3-685
INSTRUCTION SET REFERENCE
SYSEXITFast Transition from System Call Entry Point
Description
The SYSEXIT instruction is part of the "Fast System Call" facility introduced on the Pentium
®
II processor. The SYSEXIT instruction is optimized to provide the maximum performance for
transitions to protection ring 3 (CPL = 3) from protection ring 0 (CPL = 0).
The SYSEXIT instruction sets the following registers according to values specified by the oper-
ating system in certain model-specific or general purpose registers.
CS registerset to the sum of (16 plus the value in SYSENTER_CS_MSR)
EIP registerset to the value contained in the EDX register
SS registerset to the sum of (24 plus the value in SYSENTER_CS_MSR)
ESP registerset to the value contained in the ECX register
The processor does not save kernel stack or return address information, and does not save any
registers.
The SYSENTER and SYSEXIT instructions do not constitute a call/return pair; therefore, the
system call "stub" routines executed by user code (typically in shared libraries or DLLs) must
perform the required register state restore to create a system call/return pair.
The SYSEXIT instruction always transfers to a flat protected mode user at CPL = 3. SYSEXIT
can be invoked only from protected mode and CPL = 0. The instruction requires that the
following conditions are met by the operating system:
The CS selector for the target ring 3 code segment is 32 bits, mapped as a flat 0-4 GB
address space with execute, read, and non-conforming permissions.
The SS selector for the target ring 3 stack segment is 32 bits, mapped as a flat 0-4 GB
address space with expand-up, read, and write permissions.
An operating system must set the following:
Opcode
Instruction
Description
0F, 35
SYSEXIT
Transition from System Call Entry Point
Name
Description
CS Selector
The Target Ring 3 CS Selector. This is assigned the sum of (16 + the value
of SYSENTER_CS_MSR).
SS Selector
The Target Ring 3 SS Selector. This is assigned the sum of (24 + the value
of SYSENTER_CS_MSR).
EIP
Target Ring 3 Return EIP. This is the target entry point, and is assigned the
value contained in the EDX register.
ESP
Target Ring 3 Return ESP. This is the target entry point, and is assigned the
value contained in the ECX register.
